LE flags, modified tis directive, moved LE stuff to own file

Matthew Holt 2015-10-16 11:38:56 -06:00
parent 79de2a5de2
commit 4e92c71259
6 changed files with 93 additions and 44 deletions


@ -7,6 +7,8 @@ package app
import ( import (
"errors" "errors"
"os"
"path/filepath"
"runtime" "runtime"
"strconv" "strconv"
"strings" "strings"
@ -74,3 +76,25 @@ func SetCPU(cpu string) error {
runtime.GOMAXPROCS(numCPU) runtime.GOMAXPROCS(numCPU)
return nil return nil
} }
// DataFolder returns the path to the folder
// where the application may store data. This
// currently resolves to ~/.caddy
func DataFolder() string {
return filepath.Join(userHomeDir(), ".caddy")
}
// userHomeDir returns the user's home directory according to
// environment variables.
//
// Credit: http://stackoverflow.com/a/7922977/1048862
func userHomeDir() string {
if runtime.GOOS == "windows" {
home := os.Getenv("HOMEDRIVE") + os.Getenv("HOMEPATH")
if home == "" {
home = os.Getenv("USERPROFILE")
}
return home
}
return os.Getenv("HOME")
}
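Review bot: When HOME is unset (or, on Windows, neither HOMEDRIVE+HOMEPATH nor USERPROFILE is set), userHomeDir returns "" and DataFolder quietly yields the relative path `.caddy`, so whatever is stored there lands under the process's working directory — for a web server that may well be the site root it serves. DataFolder should fail instead of falling back to a relative path, which means returning `(string, error)` (`errors` is already imported in this file). The Windows branch also falls back to USERPROFILE only when both HOMEDRIVE and HOMEPATH are empty; with just one of them set the concatenation is a partial path, so each should be checked separately. Both functions are fully inside the hunk; the rewritten bodies are below.
```go
// DataFolder returns the directory where the application may store data
// (currently ~/.caddy). It returns an error rather than a relative path
// when the user's home directory cannot be determined.
func DataFolder() (string, error) {
	home := userHomeDir()
	if home == "" {
		return "", errors.New("cannot determine user home directory")
	}
	return filepath.Join(home, ".caddy"), nil
}

// userHomeDir returns the user's home directory according to
// environment variables, or "" if none of them is set.
func userHomeDir() string {
	if runtime.GOOS == "windows" {
		drive, path := os.Getenv("HOMEDRIVE"), os.Getenv("HOMEPATH")
		if drive == "" || path == "" {
			return os.Getenv("USERPROFILE")
		}
		return drive + path
	}
	return os.Getenv("HOME")
}
```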


@ -1,8 +1,6 @@
package config package config
import ( import (
"crypto/rand"
"crypto/rsa"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@ -77,25 +75,20 @@ func Load(filename string, input io.Reader) (Group, error) {
// restore logging settings // restore logging settings
log.SetFlags(flags) log.SetFlags(flags)
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return Group{}, errors.New("Error Generating Key:" + err.Error())
}
for _, cfg := range configs {
// TODO: && hostname does not resolve to localhost (?) && TLS is not force-disabled
if !cfg.TLS.Enabled {
// Initiate Let's Encrypt // Initiate Let's Encrypt
user := LetsEncryptUser{ leUser, err := NewLetsEncryptUser("example1@mail.com")
Email: "example@mail.com", if err != nil {
Key: privateKey, return Group{}, err
} }
client := acme.NewClient("http://192.168.99.100:4000", &user, 2048, "5001") for _, cfg := range configs {
// TODO: && !IsLoopback()
if !cfg.TLS.Enabled && cfg.Port != "http" {
client := acme.NewClient("http://192.168.99.100:4000", &leUser, 2048, "5001")
reg, err := client.Register() reg, err := client.Register()
if err != nil { if err != nil {
return Group{}, errors.New("Error Registering: " + err.Error()) return Group{}, errors.New("Error Registering: " + err.Error())
} }
user.Registration = reg leUser.Registration = reg
err = client.AgreeToTos() err = client.AgreeToTos()
if err != nil { if err != nil {
@ -106,8 +99,6 @@ func Load(filename string, input io.Reader) (Group, error) {
if err != nil { if err != nil {
return Group{}, errors.New("Error Obtaining Certs: " + err.Error()) return Group{}, errors.New("Error Obtaining Certs: " + err.Error())
} }
fmt.Printf("%#v\n", certs)
} }
} }
@ -115,22 +106,6 @@ func Load(filename string, input io.Reader) (Group, error) {
return arrangeBindings(configs) return arrangeBindings(configs)
} }
type LetsEncryptUser struct {
Email string
Registration *acme.RegistrationResource
Key *rsa.PrivateKey
}
func (u LetsEncryptUser) GetEmail() string {
return u.Email
}
func (u LetsEncryptUser) GetRegistration() *acme.RegistrationResource {
return u.Registration
}
func (u LetsEncryptUser) GetPrivateKey() *rsa.PrivateKey {
return u.Key
}
// serverBlockToConfig makes a config for the server block // serverBlockToConfig makes a config for the server block
// by executing the tokens that were parsed. The returned // by executing the tokens that were parsed. The returned
// config is shared among all hosts/addresses for the server // config is shared among all hosts/addresses for the server
@ -303,11 +278,22 @@ func Default() (Group, error) {
return arrangeBindings([]server.Config{NewDefault()}) return arrangeBindings([]server.Config{NewDefault()})
} }
// These three defaults are configurable through the command line // These defaults are configurable through the command line
var ( var (
// Site root
Root = DefaultRoot Root = DefaultRoot
// Site host
Host = DefaultHost Host = DefaultHost
// Site port
Port = DefaultPort Port = DefaultPort
// Let's Encrypt account email
LetsEncryptEmail string
// Agreement to Let's Encrypt terms
LetsEncryptAgree bool
) )
type Group map[*net.TCPAddr][]server.Config type Group map[*net.TCPAddr][]server.Config
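Review bot: The loader still registers with a hard-coded address, `NewLetsEncryptUser("example1@mail.com")`, even though this same commit adds `LetsEncryptEmail` (the -email flag) and `cfg.TLS.LetsEncryptEmail` (the directive) to carry the real one, and it calls `client.AgreeToTos()` unconditionally while the `LetsEncryptAgree` flag it introduces is never consulted. Gate the whole Let's Encrypt path with `if !LetsEncryptAgree { return Group{}, errors.New("must agree to Let's Encrypt terms (-agree)") }` before the loop, and derive the address per config with `email := LetsEncryptEmail; if cfg.TLS.LetsEncryptEmail != "" { email = cfg.TLS.LetsEncryptEmail }`, which means the user should be built inside the loop rather than once above it. The endpoint `http://192.168.99.100:4000` is plain HTTP and looks like a local test server; if it stays even temporarily, hoist it into a named variable and add a comment that directory, nonce and certificate responses over HTTP are unauthenticated, so it must not reach a release. Note too that `client.Register()` runs once per non-TLS config against the same leUser, so a Caddyfile with several such sites registers the same account key repeatedly. Load begins before the first hunk of this section.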

35
config/letsencrypt.go Normal file

@ -0,0 +1,35 @@
package config
import (
"crypto/rand"
"crypto/rsa"
"errors"
"github.com/xenolf/lego/acme"
)
func NewLetsEncryptUser(email string) (LetsEncryptUser, error) {
user := LetsEncryptUser{Email: email}
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
if err != nil {
return user, errors.New("error generating private key: " + err.Error())
}
user.Key = privateKey
return user, nil
}
type LetsEncryptUser struct {
Email string
Registration *acme.RegistrationResource
Key *rsa.PrivateKey
}
func (u LetsEncryptUser) GetEmail() string {
return u.Email
}
func (u LetsEncryptUser) GetRegistration() *acme.RegistrationResource {
return u.Registration
}
func (u LetsEncryptUser) GetPrivateKey() *rsa.PrivateKey {
return u.Key
}
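Review bot: The account key generated in NewLetsEncryptUser exists only in memory — nothing in this file persists it — so every process start mints a fresh 2048-bit key and, via the loader, a fresh ACME account whose registration can never be reused or revoked later. If the key is meant to live under the new data folder, write it with 0600 permissions and reload it on later runs instead of regenerating; either way the exported names need doc comments, e.g. `// NewLetsEncryptUser builds an ACME account identity for email with a freshly generated 2048-bit RSA key.` and `// LetsEncryptUser holds the email, registration and private key identifying one ACME account; the Get* methods presumably satisfy lego's acme.User interface.` On failure the function returns a half-populated user alongside the error; returning `return LetsEncryptUser{}, errors.New("error generating private key: " + err.Error())` keeps a careless caller from using it. The Get-prefixed method names are dictated by the lego interface, so the usual no-Get-prefix convention does not apply here.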


@ -8,18 +8,21 @@ import (
) )
func TLS(c *Controller) (middleware.Middleware, error) { func TLS(c *Controller) (middleware.Middleware, error) {
if c.Port != "http" {
c.TLS.Enabled = true c.TLS.Enabled = true
}
for c.Next() { for c.Next() {
if !c.NextArg() { args := c.RemainingArgs()
switch len(args) {
case 1:
c.TLS.LetsEncryptEmail = args[0]
case 2:
c.TLS.Certificate = args[0]
c.TLS.Key = args[1]
default:
return nil, c.ArgErr() return nil, c.ArgErr()
} }
c.TLS.Certificate = c.Val()
if !c.NextArg() {
return nil, c.ArgErr()
}
c.TLS.Key = c.Val()
// Optional block // Optional block
for c.NextBlock() { for c.NextBlock() {
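Review bot: The one-argument form at `case 1:` treats whatever follows `tls` as an email address, so a site that lists only a certificate path (forgetting the key file) is silently turned into a Let's Encrypt request for an "email" like /etc/ssl/site.crt rather than a config error. A minimal sanity check keeps the two forms distinct: `case 1: if !strings.Contains(args[0], "@") { return nil, c.ArgErr() }` followed by the existing `c.TLS.LetsEncryptEmail = args[0]` (`strings` would need importing; the file's import block is outside the hunk). The new `c.Port != "http"` guard also means a `tls cert key` line on an http site is parsed and then ignored instead of rejected; consider returning an error there, or at least a comment on that line explaining why TLS is deliberately left disabled. The function continues past the hunk into the optional-block loop.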


@ -33,6 +33,8 @@ func init() {
flag.StringVar(&config.Host, "host", config.DefaultHost, "Default host") flag.StringVar(&config.Host, "host", config.DefaultHost, "Default host")
flag.StringVar(&config.Port, "port", config.DefaultPort, "Default port") flag.StringVar(&config.Port, "port", config.DefaultPort, "Default port")
flag.BoolVar(&version, "version", false, "Show version") flag.BoolVar(&version, "version", false, "Show version")
flag.BoolVar(&config.LetsEncryptAgree, "agree", false, "Agree to Let's Encrypt Subscriber Agreement")
flag.StringVar(&config.LetsEncryptEmail, "email", "", "Email address to use for Let's Encrypt account")
} }
func main() { func main() {


@ -50,13 +50,12 @@ func (c Config) Address() string {
return net.JoinHostPort(c.Host, c.Port) return net.JoinHostPort(c.Host, c.Port)
} }
// TLSConfig describes how TLS should be configured and used, // TLSConfig describes how TLS should be configured and used.
// if at all. A certificate and key are both required.
// The rest is optional.
type TLSConfig struct { type TLSConfig struct {
Enabled bool Enabled bool
Certificate string Certificate string
Key string Key string
LetsEncryptEmail string
Ciphers []uint16 Ciphers []uint16
ProtocolMinVersion uint16 ProtocolMinVersion uint16
ProtocolMaxVersion uint16 ProtocolMaxVersion uint16
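Review bot: The type comment lost the sentence that told readers a certificate and key are both required, and nothing replaces it for the new field, so the contract between Certificate/Key and LetsEncryptEmail is now undocumented. Restore it on the type: `// TLSConfig describes how TLS should be configured and used, if at all.`, `// Either Certificate and Key name a key pair on disk, or LetsEncryptEmail`, `// selects an automatically obtained certificate (which one wins if both are set should be stated).` and document the field with `// LetsEncryptEmail is the account email used when requesting a certificate from Let's Encrypt.` The struct continues past the end of the hunk.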